HttpRequestException：检索 Google 用户信息时发生错误（禁止访问）。在 Asp.net 核心

Question

我正在尝试在我的 asp.net 核心应用程序中启用社交登录。我已经成功整合了 facebook 和 twitter，并且运行良好。但是在集成 Google 时，在返回到回调 URL 时它吐出了这个错误页面。

我也在为流程使用自定义控制器

[Route("signin/{provider}")]
public IActionResult SignIn(string provider, string returnUrl = null) => 
        Challenge(new AuthenticationProperties { RedirectUri = returnUrl ?? 
          "/" }, provider);

以上代码是我的自定义控制器调用auth.cs。

services.AddAuthentication(options => {
     options.DefaultAuthenticateScheme = 
CookieAuthenticationDefaults.AuthenticationScheme;
     options.DefaultChallengeScheme = 
CookieAuthenticationDefaults.AuthenticationScheme;
     options.DefaultSignInScheme = 
CookieAuthenticationDefaults.AuthenticationScheme;
})
.AddFacebook(options => 
          {
            options.AppId = "";
            options.AppSecret = "";
        })
.AddTwitter(options =>
        {
            options.ConsumerKey = "";
            options.ConsumerSecret = 
"";
})
.AddGoogle(options => {
            options.ClientId = 
"<my client Id>";
            options.ClientSecret = "<my client secret>";
})
.AddCookie(options => {
            options.LoginPath = "/auth/signin";
});

我预计一旦我使用 googles Oauth 2 登录。* 它应该重定向回我的应用程序而不是显示错误页面

Answer 1

根据官方 Quick Start，你试过 IdentityServerConstants.ExternalCookieAuthenticationScheme;

    .AddGoogle("Google", options =>
    {
        options.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

        options.ClientId = "<insert here>";
        options.ClientSecret = "<insert here>";
    })

Answer 2

我遇到这个错误是因为我没有从 google developer console

启用服务

所以当我启用它时，一切正常。

这是我在启用它之前遇到的错误。

Answer 3

https://docs.microsoft.com/en-us/aspnet/core/security/authentication/social/google-logins?view=aspnetcore-2.2

Blockquote In January 2019 Google started to shut down Google+ sign in and developers must move to a new Google sign in system by March. The ASP.NET Core 2.1 and 2.2 packages for Google Authentication will be updated in February to accommodate the changes. For more information and temporary mitigations for ASP.NET Core, see this GitHub issue. This tutorial has been updated with the new setup process.

Answer 4

试试这个：

.AddGoogle("Google", o=>
{
    o.ClientId = "<insert here>";
    o.ClientSecret = "<insert here>";
    o.UserInformationEndpoint = "https://www.googleapis.com/oauth2/v2/userinfo";
    o.ClaimActions.Clear();
    o.ClaimActions.MapJsonKey(ClaimTypes.NameIdentifier, "id");
    o.ClaimActions.MapJsonKey(ClaimTypes.Name, "name");
    o.ClaimActions.MapJsonKey(ClaimTypes.GivenName, "given_name");
    o.ClaimActions.MapJsonKey(ClaimTypes.Surname, "family_name");
    o.ClaimActions.MapJsonKey("urn:google:profile", "link");
    o.ClaimActions.MapJsonKey(ClaimTypes.Email, "email");
})

Answer 5

同样的问题，卡了大概两天。幸运的是，我深入研究并发现了一些新的东西，在 asp.net core 2* 及以上版本中，你需要提到 UserInformationEndpoint。它将在从 console.google.developer.
下载的 json 文件中提供 请在下面找到详细信息。

services.AddAuthentication()
        .AddGoogle(options =>
        {
            options.ClientId = "196275387351-has575ff9m45ka8ld17s0qtps42jkmtt.apps.googleusercontent.com";
            options.ClientSecret = "MoYpnVChG8VeDiGCw4XYrLH0";
            options.UserInformationEndpoint= "https://www.googleapis.com/oauth2/v1/certs";
          });

控制器：帐户

public IActionResult ExternalLogin(string provider, string returnUrl)
{
    var redirectUrl = Url.Action("ExternalLoginCallback", "Account", new { ReturnUrl = returnUrl });
    var properties = signInManager.ConfigureExternalAuthenticationProperties(provider, redirectUrl);
    return new ChallengeResult(provider, properties);
}

已下载Json

"auth_provider_x509_cert_url":"https://www.googleapis.com/oauth2/v1/certs"